From owner-freebsd-ports@FreeBSD.ORG  Fri Jan 22 12:20:51 2010
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 07F31106566C
	for <freebsd-ports@freebsd.org>; Fri, 22 Jan 2010 12:20:51 +0000 (UTC)
	(envelope-from tom@FreeBSD.org)
Received: from eborcom.com (pochard.scrubhole.org [62.3.122.102])
	by mx1.freebsd.org (Postfix) with SMTP id 4F9CC8FC12
	for <freebsd-ports@freebsd.org>; Fri, 22 Jan 2010 12:20:49 +0000 (UTC)
Received: (qmail 54586 invoked by uid 1001); 22 Jan 2010 11:54:08 -0000
Date: Fri, 22 Jan 2010 11:54:08 +0000
From: Tom Hukins <tom@FreeBSD.org>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Message-ID: <20100122115408.GY756@eborcom.com>
Mail-Followup-To: Matthew Seaman <m.seaman@infracaninophile.co.uk>,
	rihad <rihad@mail.ru>, freebsd-ports@freebsd.org
References: <4B587EBE.8040403@mail.ru>
	<4B588EED.6080602@infracaninophile.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B588EED.6080602@infracaninophile.co.uk>
User-Agent: Mutt/1.4.2.2i
Cc: rihad <rihad@mail.ru>, freebsd-ports@freebsd.org
Subject: Re: Using Perl 5.8.8
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2010 12:20:51 -0000

On Thu, Jan 21, 2010 at 05:29:17PM +0000, Matthew Seaman wrote:
> portdowngrade is what you'ld have to use.  However, perl-5.8.8 has known
> security vulnerabilities:
> 
>    http://www.vuxml.org/freebsd/4a99d61c-f23a-11dd-9f55-0030843d3802.html

It looks like VuXML might have got that wrong.  The referenced CVE
describes Perl 5.8.4 as fixing this bug:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448

Furthermore, 5.8.9's release notes mention no security fixes:
http://search.cpan.org/~nwclark/perl-5.8.9/pod/perl589delta.pod

While I can't think of any good reason to prefer 5.8.8 over 5.8.9, the
former has no known defects I would describe as "security
vulnerabilities".

Tom